[asterisk-bugs] [JIRA] (ASTERISK-27304) Registration with digest authentication in PJSIP fails if a username contains symbol @
Benjamin Keith Ford (JIRA)
noreply at issues.asterisk.org
Tue Oct 10 16:00:20 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=239230#comment-239230 ]
Benjamin Keith Ford commented on ASTERISK-27304:
------------------------------------------------
[~Pentium-5], the issue I worked on previously involved a crash when users put disallowed symbols in the from_user field in their configs. @ just so happened to be the one that the reporter used in that scenario as well. That fix is already in, but the issue you are talking about seems to be unrelated, as you mentioned. I have not been able to replicate it, however. I've constructed a simple registration and auth, much like the ones you have in the attached pjsip.conf file, and my registration goes through. Is there any additional information you can provide that we may be missing?
> Registration with digest authentication in PJSIP fails if a username contains symbol @
> --------------------------------------------------------------------------------------
>
> Key: ASTERISK-27304
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27304
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: pjproject/pjsip
> Affects Versions: 13.16.0
> Environment: Operating system:
> CentOS7, x86_64, kernel 3.10.0-514.
> Reporter: Oleg
> Assignee: Benjamin Keith Ford
> Severity: Minor
> Attachments: pjsip.conf, SIP_digest_response.png
>
>
> For an endpoint with outbound authetication enabled, it is required to provide username in the format “user at domain”. However, outbound authentication fails in case username contains symbol “@” and PJSIP channel driver is used.
> The following options were attempted to resolve this issue.
> Option 1. Provide username in section “auth” in the format:
> username= +74852207186@ yar.ims.ctc.ru
> In this case, Asterisk does not identify the endpoint or send any SIP requests to it. It also provides the following errors in the log:
> ERROR[28847] res_pjsip_outbound_registration.c: Invalid client URI 'sip: +74852207186 at yar.ims.ctc.ru@10.1.1.1:5060' specified on outbound registration 'RostelecomPJ'
> ERROR[28847] res_pjsip/pjsip_options.c: Unable to create request to qualify contact sip: +74852207186@ yar.ims.ctc.ru @10.1.1.1:5060
> Option 2. Provide username in section “auth” in the format:
> username= “+74852207186@ yar.ims.ctc.ru”
> In this case, Asterisk identifies the endpoint and start sending OPTIONS and REGISTER requests. However, SIP digest authentication response generated by Asterisk contains an incorrect value.
> Manipulations with SIP Digest Calculator application reveal that values of “response” parameter generated by Asterisk and by this calculator are identical when the full username, including quotes, is taken as an argument. This makes it impossible to work with usernames containing @, but not containing quote symbols.
> Considering that the same username works with chan_sip driver, it is suggested to enable either Option 1 or Option 2 in PJSIP, namely:
> • allow providing symbol “@” in the username, or
> • exclude quotes around username when this argument is used for SIP digest response calculation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list